﻿using System;
using System.Collections.Generic;
using System.Configuration;
using System.Globalization;
using System.Linq;
using System.Web;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

namespace AdfsLzlTest
{
    public partial class Startup
    {
        private static string realm = ConfigurationManager.AppSettings["ida:Wtrealm"];
        private static string adfsMetadata = ConfigurationManager.AppSettings["ida:ADFSMetadata"];

        public void ConfigureAuth(IAppBuilder app)
        {
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            //使用的是ADFS2.0 请使用Microsoft.Owin.Security.WsFederation.3.1.0，不要升级4.0！！！
            app.UseWsFederationAuthentication(
                new WsFederationAuthenticationOptions
                {
                    Wtrealm = new Uri(realm).GetLeftPart(UriPartial.Authority),
                    Wreply = realm.TrimEnd('/') + "/",//ADFS登录后由当前站点处理，不指定会跳转到根站点处理,必须以/结尾
                    TokenValidationParameters = new System.IdentityModel.Tokens.TokenValidationParameters()
                    {
                        ValidAudience = new Uri(realm).GetLeftPart(UriPartial.Authority),//验证ADFS登陆返回Audience
                    },
                    MetadataAddress = adfsMetadata,
                });
        }
    }
}